package web_hr;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.*;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
/**
 * Servlet implementation class CheckLogin
 */
@WebServlet("/CheckLogin")
public class CheckLogin extends HttpServlet {
	//static String username;
	private static final long serialVersionUID = 1L;
       
    /**
     * @see HttpServlet#HttpServlet()
     */
    public CheckLogin() {
        super();
        // TODO Auto-generated constructor stub
    }

	/**
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
	}

	/**
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		
		String  username = request.getParameter("username");
		String password = request.getParameter("password");
		//此处写在try外边避免了写在try内部外部就不能调用的问题
		Model m = null;                                                    
		//search from database
		try{
			m=new Model("hr_employee");
			//select user is exit or not
             ResultSet rs=m.eQuery("select password,role from hr_employee where username='"+username+"'");   
			//rs=DBhelper.executeSelect(stmt, "select password from HR_EMPLOYEE where username='"+username+"'");
            //System.out.println("123");
			if(rs.next()){				
					if(password.equals(rs.getString("password")))
					{
						String role = rs.getString(2);
						HttpSession session = request.getSession(true);    //request.getSession(true/false/null)有这三种方法   request.getSession()自动调用了   request.getSession(true)  如果   create==true那么返回一个新建的HttpSession；如果   create==false，那么返回   null。
						session.setAttribute("username",username);
						session.setAttribute("role",role);                //将username和role放在session 方便后面程序调用
						response.sendRedirect("employee/employee.jsp");						
					}
					else{			
						request.setAttribute("message","Password wrong!<br/>please login again");
						request.setAttribute("url","login.jsp");
						request.getRequestDispatcher("/redirect.jsp").forward(request,response);
					
					}
				}
			else{			
				request.setAttribute("message","username is not exist!<br/>please login again");
				request.setAttribute("url","login.jsp");
				request.getRequestDispatcher("/redirect.jsp").forward(request,response);
			}
		}catch(SQLException e){
			request.setAttribute("message","login wrong<br/>please login again");
			request.setAttribute("url","login.jsp");
			request.getRequestDispatcher("/redirect.jsp").forward(request,response);
		}finally{
			m.close();
		}
	}

}
